[Infowarrior] - AT&T leaks sensitive info in NSA suit

Fri May 26 18:35:58 EDT 2006

AT&T leaks sensitive info in NSA suit

By Declan McCullagh
http://news.com.com/AT38T+leaks+sensitive+info+in+NSA+suit/2100-1028_3-60773
53.html

Story last modified Fri May 26 11:56:32 PDT 2006

advertisement

Lawyers for AT&T accidentally released sensitive information while defending
a lawsuit that accuses the company of facilitating a government wiretapping
program, CNET News.com has learned.

AT&T's attorneys this week filed a 25-page legal brief striped with thick
black lines that were intended to obscure portions of three pages and render
them unreadable.

But the obscured text nevertheless can be copied and pasted inside some PDF
readers, including Preview under Apple Computer's OS X and the xpdf utility
used with X11.

The deleted portions of the legal brief seek to offer benign reasons why
AT&T would allegedly have a secret room at its downtown San Francisco
switching center that would be designed to monitor Internet and telephone
traffic. The Electronic Frontier Foundation, which filed the class-action
lawsuit in January, alleges that the room is used by an unlawful National
Security Agency surveillance program.

"AT&T notes that the facts recited by plaintiffs are entirely consistent
with any number of legitimate Internet monitoring systems, such as those
used to detect viruses and stop hackers," the redacted pages say.

Another section says: "Although the plaintiffs ominously refer to the
equipment as the 'Surveillance Configuration,' the same physical equipment
could be utilized exclusively for other surveillance in full compliance
with" the Foreign Intelligence Surveillance Act.

The redacted portions of AT&T's court filing are not classified, and no
information relating to actual operations of an NSA surveillance program was
disclosed. Also, AT&T's attorneys at the law firms of Pillsbury Winthrop
Shaw Pittman and Sidley Austin were careful not to explicitly acknowledge
that such a secret room actually exists.

A representative for AT&T was not immediately available to comment.

Although EFF's lawsuit was filed before allegations about the room surfaced,
reports of its existence have become central to the nonprofit group's
attempts to prove AT&T opened its network to the NSA. A former AT&T
employee, Mark Klein, has released documents alleging the company spliced
its fiber optic cables and ran a duplicate set of cables to Room 641A at its
611 Folsom Street building.

This is hardly the first time that PDF files have leaked embarrassing or
sensitive information. In an ironic twist, the NSA published a 13-page paper
in January describing how redactions could be done securely.

A similar problem has arisen with metadata associated with Microsoft Office
files. In March 2004, a gaffe by the SCO Group revealed which companies it
had considered targeting in its legal campaign against Linux users.
Microsoft Office 2003/XP even offers a way to "permanently remove hidden
data and collaboration data" from Word, Excel and PowerPoint files.

Documents that EFF filed, including a redacted version (click here for PDF)
of a sworn statement by Klein released this week, were properly redacted.
Instead of including the underlying text and layering a black rectangle on
top, the San Francisco-based civil liberties group saved those pages as
image files.